We performed a comparison between Fortinet FortiGate and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Easy to implement, and it is also reliable."
"The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful."
"The features that I have found most valuable are the SD-WAN and their IP4 policy."
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"The interface is very user-friendly and I like it very much."
"Fortinet FortiGate is a stable solution."
"The next-generation firewall is great."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"What I like about the VM-Series is that you can launch them in a very short time."
"The most valuable features are security and support."
"Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view."
"The main advantage of Palo Alto Networks VM-Series stems from the fact that you can access it with the help of cloud services."
"App-ID and User-ID have repeatedly shown value in securing business critical systems."
"We use the product on our Azure network firewalls."
"Palo Alto Networks VM-Series's most valuable feature is the visibility of the environment."
"The interface with Panorama makes it very easy to use."
"I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security."
"Monitoring and reporting could be better."
"They are doing good, but they can improve the distributor assignment. The availability of the product and the timeline of delivery are the main things. The distribution should be swift, and the distributor should not reach out to end customers directly. They should work as a distributor. There should also be one more local distributor. Currently, there is only one distributor in Pakistan, and the rest of them are in UAE. It is difficult to work with only one distributor. Sometimes, you don't get along with the same distributor, and that's why they should have one more distributor. Their licensing should also be improved. The activation or renewal of the product should be done from the date of renewal, not from the date on which the license expired."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
"It claims it does DLP, but the degree and level of controls are very basic."
"We would like to see an upgrade to the VPN feature, we are using the VPN from outside of our office and there is a limitation to 10 connections, more connections would be suitable."
"We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID."
"On the cloud side, they need to come up with more HA solutions to support the multi-region."
"We don't know how it will scale once we start putting more load on it."
"Palo Alto is that it is really bad when it comes to technical support."
"The tool is very costly."
"We have run into some issues with scaling and limitations associated with some of the configurations."
"From time to time, they have released some content updates that have some issues, maybe twice a year."
"AWS doesn't integrate well with third-party firewalls."
Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 53 reviews. Fortinet FortiGate is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and WatchGuard Firebox, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Cisco Secure Firewall, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall. See our Fortinet FortiGate vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Tarun, we have been designing solutions with Palo Alto Networks NGFW for 6 years now and we have 95%+ customer retention.
I would suggest looking into customer requirement on the basis of the following things, and priority is given by the customer:
1. Internet Bandwidth
2. No. Of users - In-house and users connecting from home/outside organization network.
3. Security features required - Sandoxing, DNS Security, etc.
4. Port density required on the firewall.
5. SSL decryption.
6. Deployment - On-prem or virtual DC or on Cloud.
7. HA requirement
8. MFA requirement
9. Local presence of Palo Alto/Fortinet expert team.
10. Integration for other (operational) solutions like SD-WAN, Load balancer, etc
11. Integration with other security solution like EDR/XDR or XSOAR
12. Customer's current solution (firewall/UTM and engineers/IT team working on it).
13. Customer's current IT Team strategy
14. Customer future IT strategy (to move on the cloud, etc)
15. Customer's growth and scalability in 5 years.
16. Reporting and logging requirement.
17. Customer's budget for IT Security.
Well, I guess with these parameters, and customer's priority you can recommend them a suitable solution.
Palo Alto NGFW will be best recommended for the following:
1. Deployment on the cloud - It has a very stable PANOS for VM-Series
2. Security Innovations - Considering security, in terms of today and future, Palo Alto is disruptive and groundbreaking.
3. Predictive Bandwidth - Palo Alto NGFW gives us Predictive bandwidth, and hence, once sized, it will last longer than defined. The throughput numbers are test cases of real-world scenarios, and after enabling all the features. It operates on its patented SP3 architecture and defines device throughput after enabling all security features and operational functionalities.
4. Integration with EDR/XDR and SOAR/XSOAR platforms.
5. User/SSL VPN - When you are planning for SSL VPN on Palo Alto NGFW, it will not charge you additionally for users connecting their Windows or MAC systems on NGFW over SSL VPN. For users that are Android/IOS/Linux/etc, and required additional HIP checks and Clientless VPN, there is a single subscription you will need to purchase.
6. Sandboxing - Palo Alto came up with Wildfire which is a threat intel cloud, which can be termed as Palo Alto Network's Sandboxing solution, but it does much more than that. it has a response SLA of 5 mins, where it can convert any unknown to known in 5 minutes or less. Also, after it identifies the file, it auto-updates other engines like URL filtering, DNS Security, Anti-Spyware, Bad IP and Domain list, CNC tunnel signatures.
7. Reporting and alerting - Foremost reason why users started implementing Palo Alto firewalls inside their network was to get the visibility - in terms of User-level visibility, Network traffic (depth to application layer), and Content (files and threats) level visibility. Also, logging and reporting is provisioned on the appliance itself and no additional subscription or any appliance is required, unless the customer requires the storage of logs for more time frame. The NGFW also co-relates all the events and alerts to give critical visibility like Botnets and hosts and users accessing malicious websites, or resolving malicious domains.
8. EDL - again external dynamic lists(EDL) helps you reduce the attack surface by minimizing the traffic to and from Malicious and Bad - IPs and Domains. This list is automatically updated by Palo Alto Networks by default by its threat research teams (Unit 42), Threat Intel (Wildfire), DNS Security module, and other sources. It has also a provision for you and/or the customer to integrate other third-party URL lists to be blocked.
9. Security features:
-- DNS filtering - by intercepting DNS traffic, you will not need any additional solution and/or modification in your current network for protection against threats related to DNS traffic. Its DNS module is cloud-based and tightly integrated with other modules and features of NGFW.
-- Credential phishing - This feature will avoid users sharing/uploading their credentials which are the same to access internal resources and external websites. This will prevent the leak of user credentials.
-- ML Powered NGFW - Currently, PA NGFW is the only firewall powered by ML to prevent unknown threats in real-time.
10. Application layer firewall - complete identification of all and any traffic based on application rather than port and protocol. Not only the known but also if the application is not identified it will classify that traffic as unknown. Also, you can create a custom application as required.
and many more...
Benefits in Fortigate firewall will be:
1. More port density.
2. Better SD-WAN configuration
3. Easy User interface and hence lacks granular controls.
4. Provides seamless integration with FortiToken for MFA(additional cost).
5. Seamless integration with Forti Load balancer.
6. Low cost (than Palo Alto least).
Thanks
Darshil Sanghvi
Palo Alto, Fortinet, and Checkpoint are the best NGFW. You can choose one of them.
The Fortinet advantage is the Security Fabric. Many other Fortinet's products (switches, AP, EDS, XDR, DDoS, FortiClient, etc) are integrated and a Fortigate can communicate with another product to block an attack.
Because PA has FPGA based architecture, which no other firewall has, due to this firewall processes the traffic from all the engines simultaneously. it increase efficiency of the product and provides way better throughput as compare to other vendors. The performance of security engines of PA are better then other vendors. PA provides on-box reporting, you have to purchase forti-analyzer separately for reporting in fortinet. PA provides granular view of policies, providing insight to you which policies are used in and which are not. it also provides you the feature, that tells you which of the firewall's features are not being utilized, this way you can plan your renewal to only purchase the feature you need.
I have FortiGates and the last upgrade of firmware cut internet traffic if you use Inspection Mode Proxy-Based, recommended and more secure, you have to use Flow-based, less secure. I don't work with Palo Alto
I strongly recommend Sophos XG Firewall.
Take a look
Sophos Firewall: Synchronized Next-Gen Firewall
I think you can go with Palo Alto...
Palo Alto
I would recommend Palo Alto